This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/0jpOewhs5al4i2Un15buYjMlNLI.roa
File:                     0jpOewhs5al4i2Un15buYjMlNLI.roa (raw, json)
Hash identifier:          YIUbzKo2xMv9/Z1KjRiKTWnIZ7BfndO4Gvu0b8SDWI0=
Subject key identifier:   D2:3A:4E:7B:08:6C:E5:A9:78:8B:65:27:D7:96:EE:62:33:25:34:B2
Certificate issuer:       /CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
Certificate serial:       019B7AC85DACF8F7A6A8A134BB9B32119D10
Authority key identifier: BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/0jpOewhs5al4i2Un15buYjMlNLI.roa
Signing time:             Thu 01 Jan 2026 18:18:30 +0000
ROA not before:           Thu 01 Jan 2026 18:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62276
IP address blocks:        185.40.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5d:ac:f8:f7:a6:a8:a1:34:bb:9b:32:11:9d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
        Validity
            Not Before: Jan  1 18:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d23a4e7b086ce5a9788b6527d796ee62332534b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ab:89:de:e2:4d:0e:a2:70:7a:66:bd:27:49:
                    9d:81:e3:23:38:41:ba:44:bf:6a:fe:ef:31:5f:e1:
                    1b:1c:29:0c:91:2e:48:8e:cc:51:92:77:57:50:76:
                    19:71:6d:dc:ff:df:f4:5a:41:87:29:66:86:91:1a:
                    ce:aa:c5:99:a5:a5:89:d0:85:a6:23:fe:e6:f4:c2:
                    13:57:d3:cf:eb:73:4b:c7:ea:0e:1a:9d:6a:9e:ff:
                    8c:05:16:68:d3:76:8d:7a:81:c6:5e:54:44:5b:07:
                    3b:27:c0:dc:a0:bc:69:0f:89:4b:10:ce:d5:6d:80:
                    ed:20:a6:f6:a9:4a:0a:96:a0:2d:b7:1c:6c:3a:d2:
                    be:98:ba:68:d9:e5:60:78:e6:d8:6c:d3:e7:96:97:
                    d6:5f:6f:f4:69:ef:e9:34:96:5a:31:65:31:c5:0b:
                    d9:7f:c9:eb:21:a0:3e:85:6a:df:c4:ba:76:a1:bd:
                    f4:c0:8d:8b:5d:79:5c:89:45:05:1d:cd:3b:3a:11:
                    96:4a:a9:17:bf:6b:ec:d5:af:3f:09:1f:91:01:f3:
                    41:cc:b6:58:94:b1:a3:ad:6c:b1:be:89:3d:3f:cf:
                    6c:ed:d2:3f:c8:0f:e9:da:5d:5d:de:ae:0f:56:d7:
                    c5:22:b4:db:56:8b:50:0b:08:56:70:39:f0:42:87:
                    18:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:3A:4E:7B:08:6C:E5:A9:78:8B:65:27:D7:96:EE:62:33:25:34:B2
            X509v3 Authority Key Identifier:
                keyid:BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/0jpOewhs5al4i2Un15buYjMlNLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:9e:8f:ba:0d:ed:f0:61:25:de:17:2d:22:ba:c1:a4:5f:9b:
         f0:7b:5e:28:2e:e3:5f:02:e9:39:71:19:a9:ec:1d:71:cf:62:
         00:58:72:54:80:52:55:9c:c3:4a:4c:dc:20:3a:cc:3e:35:33:
         23:a6:fc:23:4b:0a:84:db:8a:32:da:d2:ce:6c:5b:1d:94:41:
         69:c8:9e:7c:78:6a:b7:fe:ee:f9:ec:1e:f9:c0:60:18:90:aa:
         4e:e9:22:d5:bf:88:0a:6b:66:c1:d4:d4:ca:dc:40:f5:f4:4c:
         f7:12:f2:cc:6e:12:97:86:ef:d2:2a:21:ba:0a:b4:a8:41:68:
         3d:7a:0c:60:a6:d8:23:e5:02:8c:c7:ca:53:55:81:46:08:36:
         28:ef:9e:dd:44:ab:92:a3:0e:d2:9a:f6:45:05:aa:1a:38:9f:
         8e:f6:d1:7f:ee:2e:f8:bd:4d:79:50:8f:d4:ae:dc:a5:64:6d:
         c1:cc:bf:5f:80:06:ac:ae:fc:10:97:3a:90:c8:31:ea:91:55:
         a1:d1:92:c0:23:bc:0f:e2:f7:fd:d9:35:8c:10:52:06:06:1f:
         c1:d3:7e:60:e2:28:b1:f7:cd:8a:d5:2e:98:98:b2:e0:d3:e0:
         2b:f2:6a:36:73:41:42:b5:34:a3:50:5b:0e:cf:80:62:8e:50:
         c0:c3:8b:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yF2s+PemqKE0u5syEZ0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWJkYzQxMDZhZGRlODllMWNlOWMzMmI4MDdiMjA4MmVi
Yjk5NDQwHhcNMjYwMTAxMTgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjNhNGU3YjA4NmNlNWE5Nzg4YjY1MjdkNzk2ZWU2MjMzMjUzNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjquJ3uJNDqJwema9J0mdgeMjOEG6
RL9q/u8xX+EbHCkMkS5IjsxRkndXUHYZcW3c/9/0WkGHKWaGkRrOqsWZpaWJ0IWm
I/7m9MITV9PP63NLx+oOGp1qnv+MBRZo03aNeoHGXlREWwc7J8DcoLxpD4lLEM7V
bYDtIKb2qUoKlqAttxxsOtK+mLpo2eVgeObYbNPnlpfWX2/0ae/pNJZaMWUxxQvZ
f8nrIaA+hWrfxLp2ob30wI2LXXlciUUFHc07OhGWSqkXv2vs1a8/CR+RAfNBzLZY
lLGjrWyxvok9P89s7dI/yA/p2l1d3q4PVtfFIrTbVotQCwhWcDnwQocYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNI6TnsIbOWpeItlJ9eW7mIzJTSyMB8GA1UdIwQY
MBaAFL9b3EEGrd6J4c6cMrgHsgguu5lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMt
YmVkYWMxMGFhY2RjLzEvMGpwT2V3aHM1YWw0aTJVbjE1YnVZak1sTkxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMtYmVkYWMxMGFhY2Rj
LzEvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSioMA0G
CSqGSIb3DQEBCwUAA4IBAQCJno+6De3wYSXeFy0iusGkX5vwe14oLuNfAuk5cRmp
7B1xz2IAWHJUgFJVnMNKTNwgOsw+NTMjpvwjSwqE24oy2tLObFsdlEFpyJ58eGq3
/u757B75wGAYkKpO6SLVv4gKa2bB1NTK3ED19Ez3EvLMbhKXhu/SKiG6CrSoQWg9
egxgptgj5QKMx8pTVYFGCDYo757dRKuSow7SmvZFBaoaOJ+O9tF/7i74vU15UI/U
rtylZG3BzL9fgAasrvwQlzqQyDHqkVWh0ZLAI7wP4vf92TWMEFIGBh/B035g4iix
982K1S6YmLLg0+Ar8mo2c0FCtTSjUFsOz4BijlDAw4sy
-----END CERTIFICATE-----